
PowerPoint Slideshow about 'Computer Security' - RexAlvis


“It only took 10 minutes for the SQL Slammer worm to race across the globe and wreak havoc on the Internet two weeks ago, making it the fastest-spreading computer infection ever seen.”

“The worm, which nearly cut off Web access in South Korea and shut down some U.S. bank teller machines, doubled the number of computers it infected every 8.5 seconds in the first minute of its appearance.”

the protection of the computer resources against accidental or intentional disclosure of confidential data, unlawful modification of data or programs, the destruction of data, software or hardware, and the denial of one's own computer facilities irrespective of the method together with such criminal activities including computer related fraud and blackmail. [Palmer]

The latest Cyber Security Bulletin (http://www.us-cert.gov/cas/body/bulletins/SB04-133.pdf), highlighting security items for April 28 through May 11, is 55 pages.

CVE Report (http://cve.mitre.org/) has 480 pages of certified vulnerabilities and exposures and 853 pages of candidates for consideration ranging from buffer overflows and denial of service attacks to bugs in software:

347 CVE entries or candidates that match Linux

Buffer overflow in RogerWilco graphical server 1.4.1.6 and earlier, allows remote attackers to cause a denial of service and execute arbitrary code via a client request with a large length value.

A Gartner study found buffer overflows to be the most common security flaw in programs. Unfortunately, matters haven't improved since that study was done in 1999. Not a week goes by without the announcement of yet another serious overflow-triggered vulnerability.

Overflows occur when a program tries to store more data than the allocated memory can hold. The extra data slops over into the adjacent memory area, overwriting what was already there, including data or instructions. Malicious hackers have become proficient at leveraging such overflows to introduce their own code into programs, effectively hijacking the computer.

At the same time, overflows occur when programmers do not include code to check the size of data before storing it. Some programming languages make overflows difficult or impossible, because they automatically expand the memory area as needed to accommodate incoming data. Other languages, including C, make overflows practically inevitable since they typically lack any automatic size checking and will happily cram "10 pounds of data" into a five-pound memory area.

Unless a programmer makes a special effort to test for overflow conditions, these flaws become part of the application. The deadline pressure to get code out the door exacerbates the problem: instead of developers or testers addressing the issue, flaws turn up on the computers of millions of users.
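The missing size check described above, as an added example that is not part of the original presentation: a parser for a constructed length-prefixed request, with the unchecked copy beside a version that validates the client-supplied length first. The struct, the wire format and the function names are assumptions made for illustration.

```c
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>
#include <string.h>

/* Constructed wire format for this example: [1-byte length][payload]. */
struct session {
    char name[16];   /* fixed-size destination buffer */
    int  is_admin;   /* adjacent data that an overflow would overwrite */
};

/* Unchecked: trusts the length byte sent by the client. A length of 16 or
 * more writes past name[] into is_admin and beyond. Shown for contrast only;
 * nothing in this example calls it. */
int parse_unchecked(struct session *s, const uint8_t *req, size_t req_len)
{
    (void)req_len;                   /* the bug: request size is never used */
    size_t n = req[0];
    memcpy(s->name, req + 1, n);
    s->name[n] = '\0';
    return 0;
}

/* Checked: validates the claimed length against both the bytes actually
 * received and the destination size before copying anything. */
int parse_checked(struct session *s, const uint8_t *req, size_t req_len)
{
    if (req_len < 1) return -1;               /* no length byte at all */
    size_t n = req[0];
    if (n > req_len - 1) return -2;           /* claims more than was sent */
    if (n >= sizeof s->name) return -3;       /* no room for data + NUL */
    memcpy(s->name, req + 1, n);
    s->name[n] = '\0';
    return 0;
}

int main(void)
{
    struct session s = { "", 0 };
    uint8_t big[201];                         /* constructed oversized request */
    memset(big, 'A', sizeof big);
    big[0] = 200;
    int rc = parse_checked(&s, big, sizeof big);
    printf("rc=%d is_admin=%d\n", rc, s.is_admin);
    return 0;
}
```

The checked version rejects the request before any byte is copied, so both the buffer and the field next to it keep their previous contents.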

“Today’s complex Internet networks cannot be made watertight…. A system administrator has to get everything right all the time; a hacker only has to find one small hole. A sysadmin has to be lucky all of the time; a hacker only has to get lucky once. It is easier to destroy than to create.”

The Computing Technology Industry Association's second annual report on IT security and the work force indicates 36.8 percent of respondents experienced one or more browser-based attacks during the last six months, up from 25 percent the year before.

$45 billion worldwide spending on IT security products and services by 2006. (IDC)

“The increased sophistication of worms really concerns us and while we didn’t see a major outbreak in the first half of this year for Linux-based blended threats, we really do believe it’s on the horizon.” – Tony Vincent, senior analyst at Symantec.

April 15, The Register - NetSky-V spreads on auto-pilot. Yet another NetSky virus arrived on the scene Thursday, April 15. NetSky-V spreads using a well known Internet Explorer vulnerability, connected with the handling of XML pages. Instead of depending on users double clicking on infectious email attachments, the worm can spread automatically across vulnerable Windows boxes. Users can be infected by NetSky-V simply by reading an infected email. From April 22-29, NetSky-V is programmed to launch a denial of service attack on file-sharing and warez websites. Source: http://www.theregister.co.uk/2004/04/15/pesky_netsky/

"The authors of the Netsky and Bagle worms have been battling for virus writing supremacy in March, with both releasing new variants in a tit-for-tat game of one-upmanship," said Carole Theriault, a security consultant at Sophos. "The Netsky author wins the dubious accolade of the month's biggest virus, accounting for almost 60 per cent of all reports to Sophos, but the biggest losers are the innocent computer users who have been caught in the crossfire of the Netsky/Bagle spat."

Advice to defend against Netsky in all its varied guises follows a familiar pattern: update AV signature files, apply patches, use a personal firewall and wear a regulation tin-foil hat. April 15, The Register

80%-90% of any/all security issues are INTERNAL (not the outside world)

If you want to simulate a disk crash right now (unplug it NOW)...

what data did you just lose ...

how fast can you recover your entire system from the offline backups ...

If the hacker/cracker penetrated your firewall ...

what else can they do to your network/data ...

what will they see on your network and other computers ...

If your T1/T3 died (dead router, dead csu/dsu, dead hubs) ...

how much loss of productivity (lost revenue) would you suffer for being offline ...

do you have a secondary backup internet connection ...

There always is someone out there that can get in ... if they wanted to ...

http://www.linux-sec.net/

"Ninety-five percent of software bugs are caused by the same 19 programming flaws," Yoran said. For this reason, it's "inexcusable" to develop software that suffers from an avoidable flaw such as buffer overflow.

Stay up to date. Use update services from Microsoft to keep your systems up to date.

Use and keep antivirus software up-to-date. You should not let remote users or laptops connect to your network unless they have up-to-date antivirus software installed. In addition, consider using antivirus software in multiple points of your computer infrastructure, such as on edge Web proxy systems, as well as on email servers and gateways.

You should also protect your network by requiring employees to take the same three steps with home and laptop PCs they use to remotely connect to your enterprise, and by encouraging them to talk with friends and family to do the same with their PCs. (http://www.microsoft.com/protect)